REMARKS 

Regarding the Examiner's request that Figures 1-3 be labelled with a legend 
PRIOR ART, the undersigned hereby points out that Figures 1-3 are already labelled with 
the legend PRIOR ART, so this requirement is not understood, and clarification is 
requested. 

With regard to the Section 112 rejection of claims 2 and 6, claim 2 has been 
amended to make it clear that the state information being referred to is the state 
information mentioned in the first claim. A similar amendment has been made to claim 6 to 
add a comma to make the meaning of the sentence clear. 

The Examiner has rejected claims 1-6, 11-14 and 17-31 as anticipated by Mikurak 
(US 6,606,744). 

Mikurak relates to providing collaborative installation management in a
network-based supply chain environment. Mikurak has nothing to do with a security
gateway cluster comprising at least two nodes.

Mikurak fails to teach any kind of security gateway cluster comprising at least 
two nodes. The Examiner argues that the ATM switch or the virtual circuit mentioned in
Col. 28, lines 59-67 and col. 29, lines 1-12 and 27-42 correspond to the gateway of the 
claims. 

Gateways are different than switches. The McGraw Hill Telecommunications, 
Desktop Encyclopedia of Telecommunications, at p. 169 defines Gateways as follows: 
Gateways are used to interconnect dissimilar networks or applications. 
Gateways operate at the highest layer of the Open Systems Interconnection 
(OSI) reference model: the Application layer. A gateway consists of protocol 
conversion software that usually resides in a server, minicomputer or
mainframe or front-end device. Gateways interconnect disparate networks or
media by processing the various protocols used by each so that information from
the sender is intelligible to the receiver, despite differences in their networks or
computing platforms. 

The Network Press, Dictionary of Networking (2nd Ed.) at p. 141 defines a 
gateway as:

a shared connection between a local-area network (LAN) and a larger system, 
such as a mainframe computer or a large packet-switched network, whose 
communication protocols are different. Usually slower than a bridge or router, a 
gateway is a combination of hardware and software with its own processor and 
memory used to perform protocol conversions. 

This same dictionary defines packet switching as: 

A data transmission method that simultaneously routes and transmits data 
packets from many different customers over a communications channel or 
telephone line, thus optimizing use of the line. An addressed packet is routed 
from node to node until it reaches its destination, although related packets may not 
all follow the same route to that destination. Because long messages may be
divided into several packets, packet sequence numbers are used to reassemble
the original message at the destination node. 

The Webster's New World, Dictionary of Computer Terms (7th Ed) defines packet
switching at p. 388 as follows:

packet switching network: One of two fundamental architectures for the design
of a wide-area network (WAN); the other is a circuit switching network. In a
packet-switching network such as the Internet, no effort is made to establish a
single electrical circuit between two computing devices; for this reason,
packet-switching networks are often called connectionless. Instead, the sending
computer divides a message into a number of efficiently sized units called
packets, each of which contains the address of the destination computer. These
packets are simply dumped onto the network. They are intercepted by devices
called routers, which read each packet's destination address and, based on that
information, send the packets in the appropriate direction. Eventually, the packets 
arrive at their intended destination, although some may have actually travelled by 
different physical paths. The receiving computer assembles the packets, puts 
them in order, and delivers the received message to the appropriate application. 
Packet-switching networks are highly reliable and efficient, but they are not suited
to the delivery of real-time voice and video. 



Note that there is no mention of protocol conversion in packet switching in either of these 
definitions. This is because packet switches and ATM switches route packets or ATM 
cells between network legs having the same communication protocol and there is no 
need for protocol conversion. 

The claims at bar all call for a gateway with multiple nodes, i.e., a gateway 
cluster. Gateways are not switches since they do protocol conversion and switches do 
not. Therefore, there is no anticipation since the prior art reference does not teach 
gateway clusters. 

More specifically, we strongly disagree with the Examiner that the ATM switch or
the virtual circuit mentioned in Mikurak is a security gateway cluster. No person skilled in 
the art of network security systems could consider an ATM switch as a security 
gateway. An ATM switch operates only to switch ATM cells from incoming virtual 
connections to outgoing virtual connections according to the address information in the 
ATM cells. A virtual connection is a connection, not any kind of security device or 
security gateway. 

The meaning of the term "security gateway" can also be unambiguously derived 
from the specification of the present application, and the term definitively does not
relate to an ATM switch or a virtual connection. 

Mikurak also fails to teach storing information in at least two nodes in said 
security gateway cluster, or synchronizing the state information in said security gateway 
cluster by sending state information from a first node to at least a second node of said at 
least two nodes. On the contrary, in Mikurak, the ATM switches are only for switching
ATM cells between different virtual connections so as to transfer the cells from a source 
to a destination. In Mikurak, there is no state information stored in and synchronized 
between different nodes of a cluster. 

Mikurak further fails to teach detecting in a security gateway cluster a 
predetermined irregularly occurring action and initiating the step of synchronization of
state information as a response to said predetermined irregularly occurring action. 

The Examiner alleges that a redundancy check based on a cyclic redundancy 
code (CRC) for detecting errors corresponds to such irregularly occurring action. The 
Examiner further alleges error correction and re-insertion of the control information onto 
the departing packet corresponds to the synchronizing. This has nothing to do with the 
present invention. Mikurak only discloses a conventional error detection and correction 
for transmission errors which may have occurred on the previous connection leg, prior 
to transmitting the corrected information over the next connection leg. 

The claimed invention, for the above stated reasons, is not anticipated by Mikurak.

Voluntary Amendments

Claim 18 was changed from an independent claim to a dependent claim to cover 
the process of synchronizing node-specific state information only to one or more backup 
nodes and synchronizing common state information to all nodes when failure
of a first node is detected.

Claim 19 was amended to restate the claim in a form which is more in line with
U.S. practice by characterizing the claim as a computer-readable medium claim and 
reciting the method steps of claim 1 and reordering the steps somewhat to make more 
sense. 

Claims 20 - 29 were all changed from software entity claims to node claims 
having a processor programmed with program code means to perform various functions. 

Claims 30 - 32 are all apparatus claims stated in means plus function terms 
without the program code modifiers and should be interpreted to cover both hardware 
and software or combinations of the two which perform the stated functions. 



I hereby certify that this correspondence is being deposited with the United 
States Postal Service as First Class Mail, postage prepaid, in an envelope addressed to: 
Commissioner for Patents Mail Stop Amendment, P.O. Box 1450, Alexandria, Va. 22313- 